sinking feeling.....

OK I got an email and this email was from a girl I know but it was not meant for me. It did have text in it that let me know she really did write this email. It also had an attachment "sumo1" with 2 file extensions including scr as the second. Anyway I knew it was a nasty but AVG didn't kick off at first so I saved the file in "my documents" so I could check it out. Every time I open "my documents" the screen turns black, sounds like it's some sort of activation to the monitor itself. Ah ok scanning w/AVG now and it found "I-Worm/Bugbear" already.

I knew it was a nasty I just wanted to see which one. Argh I guess from now on I won't play investigator. About time to send an email to my friend after I get cleaned up here. FFS!

Hmmm, AV cleaned it just fine, don't see why it didn't find it before I saved it to disk though. The file name is sumo1.jpg.scr BTW and it tries to open itself in OE but I suppose it's my settings that make it ask first. Anyway AVG cleaned it for sure b/c I ran the NOD32 removal tool from "free tools" and it found nothing so ;-)

The email address most probably has been harvested. Chances are big, the girl you know has not been infected at all. Nice job, sending here the removal tool - as a standard, I recommend using these in the Safe Mode.

I don't understand how the thing would get here without her being infected though, it used her full first and last name which I have in my addy book but it's also what she uses to my knowledge..... and then the email addy with the right #s even?

I think what Paul means is that the virus came from a computer that has both your and her e-mail addresses on it.
This is called spoofing: the virus active on computer C makes it look like it sent an e-mail from A to B.
Correct me if I'm wrong.
Have a look here: http://www.naavi.com/cl_editorial/edit_29april2_02_1.html

Pieter - thing is, there is no computer like that... Or so I believe. Just a friend of mine from a college that I kept in touch with over email for a while; we've got no common friends whatsoever! That's what's confounding about it.

Ghost is correct, AVG doesn't have POP scanning like some of the other AVs have. For instance, Norton scans while the mail is coming in.
All good AV should be including mail scan by now.
Get Norton dammit and go get the daily updates.

Quoting Detox:
Pieter - thing is, there is no computer like that... Or so I believe. Just a friend of mine from a college that I kept in touch with over email for a while; we've got no common friends whatsoever! That's what's confounding about it.

"In some cases the worm fakes the email address of the sender - making it look as if an innocent third party sent the worm. This creates further confusion and makes it difficult to warn the infected parties of the problem."

and

"Rod Fewster of NOD32 Antivirus Systems said Bugbear used more sophisticated "sender address" spoofing than Klez.
"Bugbear can "mix and match" info from email addresses, combining the text prior to the @ symbol of one address with the text following the @ symbol of another address, which further confuses the identity of the real sender," he said."
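
The attachment name reported earlier in the thread, sumo1.jpg.scr, is a double extension, and since the From address cannot be trusted, the filename is the more reliable thing to check on incoming mail. An added example, not part of the original thread, that flags such attachments in a raw message; the extension lists and the sample message are constructed for illustration.

```python
from email import message_from_string, policy

# Assumed, non-exhaustive lists for illustration.
EXECUTABLE = {"scr", "pif", "exe", "com", "bat", "cmd", "vbs", "lnk"}
DECOY = {"jpg", "jpeg", "gif", "bmp", "txt", "doc", "pdf", "mp3"}

def double_extension(filename):
    """Return (decoy, real) when a harmless-looking extension hides an executable one."""
    # Windows drops trailing dots and spaces, so "a.jpg.scr. " still runs as .scr.
    name = filename.strip().rstrip(". ").lower()
    # Strip each piece so padding such as "a.jpg      .scr" is still caught.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 3:
        return None
    decoy, real = parts[-2], parts[-1]
    return (decoy, real) if real in EXECUTABLE and decoy in DECOY else None

def suspicious_attachments(raw_message):
    """List attachment filenames in a raw RFC 822 message that use a double extension."""
    msg = message_from_string(raw_message, policy=policy.default)
    names = (part.get_filename() for part in msg.iter_attachments())
    return [n for n in names if n and double_extension(n)]

# Constructed sample message (addresses and payload bytes are placeholders).
SAMPLE = """\
From: friend@example.com
To: me@example.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="sumo1.jpg.scr"

AAAA
--b1
Content-Type: image/jpeg
Content-Disposition: attachment; filename="holiday.jpg"

AAAA
--b1--
"""

if __name__ == "__main__":
    print(suspicious_attachments(SAMPLE))
```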